feat: support multiple routes and addresses, support wireguard

defaults/main.yml

@@ -16,6 +16,7 @@ systemd_networkd_netdev: []
 #   - key: LACPRransmitRate
 #     value: fast
 #   filename: 10-bo0.netdev
+#
 # - netdev_options:
 #   - key: Name
 #     value: br0
@@ -23,6 +24,31 @@ systemd_networkd_netdev: []
 #     value: Bridge
 #   bridge_options: {}
 #   filename: 10-br0.netdev
+#
+# - netdev_options:
+#   - key: Name
+#     value: wg0
+#   - key: Kind
+#     value: wireguard
+#   wireguard_options:
+#   - key: PrivateKey
+#     value: "my-priv-key"
+#   - key: ListenPort
+#     value: "51820"
+#   wireguard_peers:
+#   - name: "a description"
+#     options:
+#     - key: PublicKey
+#       value: "public-key-of-remote-peer"
+#     - key: PresharedKey
+#       value: "preshared-key"
+#     - key: AllowedIPs
+#       value: "allowd-ips"
+#     - key: PersistentKeepalive
+#       value: "25"
+#     - key: Endpoint
+#       value: my-endpoint
+#   filename: 10-wireguard.netdev
 
 systemd_networkd_network: []
 # - match_options:
@@ -42,6 +68,7 @@ systemd_networkd_network: []
 #   - key: RouteMetric
 #     value: 20
 #   filename: 20-wlp.network
+#
 # - match_options:
 #   - key: Name
 #     value: bo0
@@ -60,5 +87,26 @@ systemd_networkd_network: []
 #   dhcp_options:
 #   - key: RouteMetric
 #     value: 10
+#
+# - match_options:
+#   - key: Name
+#     value: wg0
+#   network_options:
+#   - key: DNS
+#     value: "1.2.3.4"
+#   - key: DNSDefaultRoute
+#     value: "false"
+#   addresses:
+#   - options:
+#     - key: Address
+#       value: "192.168.178.100/32"
+#   routes:
+#   - name: VPN-Network
+#     options:
+#     - key: Destination
+#       value: "192.168.178.0/24"
+#     - key: Gateway
+#       value: "192.168.178.100"
+#   filename: "50-wireguard.network"
 
 systemd_timesyncd_timezone: Europe/Berlin

meta/main.yml

@@ -1,52 +1,24 @@
 galaxy_info:
-  author: your name
+  role_name: networking
-  description: your role description
+  author: Markus Pesch
-  company: your company (optional)
+  description: Role to configure network interfaces via systemd on different distributions
+  company: Cryptic Systems
+  license: MIT
+  min_ansible_version: "2.9"
+  platforms:
+  - name: ArchLinux
+    versions:
+    - all
+  - name: Ubuntu
+    versions:
+    - all
+  - name: Fedora
+    versions:
+    - "35"
 
-  # If the issue tracker for your role is not on github, uncomment the
+  galaxy_tags:
-  # next line and provide a value
+  - systemd-networkd
-  # issue_tracker_url: http://example.com/issue/tracker
+  - wiregurd
-
+  - resolvectl
-  # Choose a valid license ID from https://spdx.org - some suggested licenses:
-  # - BSD-3-Clause (default)
-  # - MIT
-  # - GPL-2.0-or-later
-  # - GPL-3.0-only
-  # - Apache-2.0
-  # - CC-BY-4.0
-  license: license (GPL-2.0-or-later, MIT, etc)
-
-  min_ansible_version: 2.1
-
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
-  # min_ansible_container_version:
-
-  #
-  # Provide a list of supported platforms, and for each platform a list of versions.
-  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
-  # To view available platforms and versions (or releases), visit:
-  # https://galaxy.ansible.com/api/v1/platforms/
-  #
-  # platforms:
-  # - name: Fedora
-  #   versions:
-  #   - all
-  #   - 25
-  # - name: SomePlatform
-  #   versions:
-  #   - all
-  #   - 1.0
-  #   - 7
-  #   - 99.99
-
-  galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.
 
 dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.

tasks/main.yml

@@ -3,12 +3,12 @@
 - name: Load variables
   include_vars: "{{ ansible_os_family }}.yml"
 
-- name: "remove existing systemd-networkd configuration"
+- name: "Remove existing systemd-networkd configuration"
   file:
     path: "/etc/systemd/network"
     state: absent
 
-- name: "create systemd-networkd directory"
+- name: "Create systemd-networkd directory"
   file:
     path: "/etc/systemd/network"
     owner: root
@@ -27,7 +27,7 @@
       mode: 0644
     when: item.netdev_options is defined and
           item.netdev_options | selectattr("key", "==", "Kind") and
-          item.netdev_options | selectattr("value", "!=", "WireGuard")
+          item.netdev_options | selectattr("value", "!=", "wireguard")
     with_items: "{{ systemd_networkd_netdev }}"
 
   - name: Create sensitive systemd.netdev files
@@ -39,8 +39,9 @@
       mode: 0600
     when: item.netdev_options is defined and
           item.netdev_options | selectattr("key", "equalto", "Kind") and
-          item.netdev_options | selectattr("value", "equalto", "WireGuard")
+          item.netdev_options | selectattr("value", "equalto", "wireguard")
     with_items: "{{ systemd_networkd_netdev }}"
+    no_log: true
     notify: restart networkd
 
 - name: Create systemd.networkd files
@@ -63,25 +64,25 @@
     owner: root
     group: root
 
-- name: start and enable networkd
+- name: Start and enable systemd-networkd
   service:
     name: systemd-networkd
     state: started
     enabled: yes
     daemon_reload: yes
 
-- name: start and enable resolved
+- name: Start and enable systemd-resolved
   service:
     name: systemd-resolved
     state: started
     enabled: yes
     daemon_reload: yes
 
-- name: set timezone
+- name: Set system timezone
   timezone:
     name: "{{ systemd_timesyncd_timezone }}"
 
-- name: start and enable timesyncd
+- name: Start and enable systemd-timesyncd
   service:
     name: systemd-timesyncd
     state: started

templates/systemd.netdev.j2

@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: "True", trim_blocks: "True"
 #
 # {{ ansible_managed }}
 #
@@ -30,9 +31,17 @@
 {% endfor %}
 {% endif %}
 
-{% if item.wireguard_peer_options is defined and item.wireguard_peer_options | length > 0 %}
+{% if item.wireguard_peers is defined %}
+{% for wireguard_peer in item.wireguard_peers %}
+{% if wireguard_peer.options is defined and wireguard_peer.options | length > 0 %}
+{% if wireguard_peer.name is defined and wireguard_peer.name | length > 0 %}
+# {{ wireguard_peer.name }}
+{% endif %}
 [WireGuardPeer]
-{% for wireguard_peer_option in item.wireguard_peer_options %}
+{% for option in wireguard_peer.options %}
-{{ wireguard_peer_option.key }}={{ wireguard_peer_option.value }}
+{{ option.key }}={{ option.value }}
 {% endfor %}
 {% endif %}
+
+{% endfor %}
+{% endif %}

templates/systemd.network.j2

@@ -24,19 +24,32 @@
 {% endfor %}
 {% endif %}
 
-{% if item.addresses is defined and item.addresses | length > 0 %}
+{% if item.addresses is defined %}
 {% for address in item.addresses %}
+{% if address.options is defined and address.options | length > 0 %}
+{% if address.name is defined and address.name | length > 0 %}
+# {{ address.name }}
+{% endif %}
 [Address]
-{% for address_option in address.options %}
+{% for option in address.options %}
-{{ address_option.key }}={{ address_option.value }}
+{{ option.key }}={{ option.value }}
 {% endfor %}
+{% endif %}
 
 {% endfor %}
 {% endif %}
 
-{% if item.route_options is defined and item.route_options | length > 0 %}
+{% if item.routes is defined %}
+{% for route in item.routes %}
+{% if route.options is defined and route.options | length > 0 %}
+{% if route.name is defined and route.name | length > 0 %}
+# {{ route.name }}
+{% endif %}
 [Route]
-{% for route_option in item.route_options %}
+{% for option in route.options %}
-{{ route_option.key }}={{ route_option.value }}
+{{ option.key }}={{ option.value }}
+{% endfor %}
+{% endif %}
+
 {% endfor %}
 {% endif %}